View
216
Download
0
Category
Preview:
Citation preview
7. Legal
Topics
• Fourth Amendment
• E-Discovery
• Duty to Preserve
• Private Searches
• ECPA
• Searching With & Without a Warrant
Fourth Amendment
Fourth Amendment
• The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Criminal Law—Searches Without a
Warrant
• 1. Did the government act?
• 2. Did that action violate a person's reasonable expectation of privacy?
• Only if both answers are "YES" does the Fourth Amendment apply
• A person acting at the request of law enforcement becomes an agent of the government, and Q1=YES
Reasonable Expectation of Privacy
• No simple answer
• A computer can be treated as a closed containero If an officer lacks authority to open a desk drawer or box,
there isn't authority to examine a computer either
• If a reasonable expectation of privacy exists, the government must get a search warrant, or meet one of the documented exceptions
• Are individual files closed containers?o Case law is unclear
• Data a individual places on shared computers or drives is not protected by the fourth amendment
Private Searches• Fourth amendment does not apply if the examiner is
not acting at the request of government
• If a Geek Squad worker finds illegal files on a computer, that evidence is admissible
• Link Ch 7a
Email• Treated like regular postal mail
• Email has fourth amendment protection while it is being transmitted, but the protection stops when it is delivered to its destination.
• Legal interception is regulated by the Wiretap Act of 1968o Prohibits unauthorized monitoring
o Lists procedures needed to obtain a warrant for wiretapping
The Electronic Communications Privacy Act
(ECPA)• Bans third parties from intercepting and/or
disclosing electronic communications
• An amendment to the the Wiretap Act, passed in 1968
• Changed in 1994 by CALEA (Communications Assistance to Law Enforcement Act)
• Changed again by the PATRIOT Act o Re-authorized in 2006
CALEA (Communications
Assistance to Law Enforcement
Act)
• Requires telecommunications providers to assist law enforcement with wiretapso In practice, this forces them to use special equipment
• Expanded in 2006 to cover broadband Internet providers
• From the FCC (Link Ch 7b)
CALEA and the Internet• CALEA doesn't yet apply to instant messages and
Emailo From the EFF (Link Ch 7c)
The USA PATRIOT Act• Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism
• Here's what the DoJ says about it (Link Ch 8d)
EFF on PATRIOT Act• Link Ch 7e
National Security Letters• National Security Letters are allowed by the
PATRIOT Act, forcing Internet service providers to tap users and not tell them
• The verdict below may stop them, but it may be appealed (Link Ch 7g)
Exceptions to the Search Warrant
Requirement
Exceptions to the Search Warrant Requirement
• An authorized person gives voluntary consent for the searcho "Voluntary" will be judged on the totality of the circumstanceso Consent can be revoked at any timeo Search must stop at that timeo BUT if you have already made a forensic clone, you only need
to return the original and may continue to examine the clone
o So make the clone promptly
• Scope of consent o Consenting to search a house may not apply to closed
containers and computerso Party may set forth restrictions on the search
Consent Forms
• Link Ch 7h
Consent Searches
• Third parties can sometimes consento Roommates, spouses, parents…
• If a device is shared, all parties can consent to search its common areaso None of the users have a reasonable
expectation of privacy in the common areas
• Password-protected areas are not common areaso Unless the suspect shared the password with
the third party
Consent Searches
• Spouses can consent to the search of common areas
• Parents can consent to a search of a minor child's property (age under 18)
• Technicians often uncover evidence during their worko It's unclear whether technicians have the right
to consent to a search
Exigent Circumstances
• An immediate seizure and search of a digital device is required under one of three conditions:
• Evidence is under imminent threat of destruction
• A threat puts law enforcement or the public in danger
• Suspect is expected to escape before a search warrant can be acquiredo This may justify seizure only, not search
Plain View• If officers are legally allowed to be where they
are and can see something immediately incriminating o They can use that evidence
• A forensic examiner investigating one crime may find evidence of anothero Stop the search until a separate search warrant is
obtained
Border Searches• These searches are allowed more latitude
o Border searcheso Searches by probation or parole officers
Employees• Employees in the workplace may not have a
reasonable expectation of privacy• Officers can search a computer if an employer or
co-worker with shared authority gives permission
• Government employees can only be searched if the search is "work-related, justified at their inception, and permissible in scope"
Searching with a
Warrant
Searching with a Warrant
• Search warrant is granted by a judge, based on probable cause that a crime was committed and evidence will be found at that location
• Computer may have different roleso A computer containing child porn is
contrabando Computer may contain incriminating
documentso Computer may be the instrument of a crime
such as hacking
Seize Hardware or Information?
• Hardware must be seized if computer is:oContrabandoEvidenceoFruitso Instrumentality
• Otherwise, all you need is the data
Particularity• You need to state clearly what can be seized and
what cannot
Establishing Need for Off-Site
Analysis
• Examination is time-consuming and best performed in a forensics lab
• This should be explained in the affidavit justifying removing and holding the devices
Stored Communications Act• Lays out process law enforcement must use to
force disclosure of data from Internet Service Providers (ISPs)o Emailo Subscriber and billing information
• Enacted in 1986• Two types of service providers
o Electronic Communication Service (ECS)• Including telephone and email services, like AOL
o Remote Computing Service (RCS)• Provides storage or processing services
E-Discovery
Electronic Discovery (eDiscovery)
• The process of collecting, preparing, reviewing, and producing electronically stored information (ESI) in the context of the legal process
• ESI iso Easily modifiedo Volatileo Easily duplicated or dispersedo Large volume of data
Duty to Preserve
• Rules of Civil Procedure were changed in 2006 to address digital evidence
• Opposing attorneys must deal with ESI early in the process
• Duty to preserve potentially relevant data begins with there is "reasonable expectation of litigation"
• Failure to preserve is spoilation of evidenceo Can lead to severe sanctions
• Duty to preserve often starts long before a subpoena is served
eDiscovery
• Data sampling is a way to test large volumes of ESI for the "existence or frequency of relevant information"
• Costs of eDiscovery can be massiveo Typically costs are borne by the
producing partyoCosts can be shifted to the requesting
party if certain conditions are met
Private Searches in the Workplace
• Employers have a lot of latitude to search an individual's company computer
• Best practice: computer use policy stating that work computers, email, etc. are for work purposes only and may be searched at any time
• Fourth amendment (if law enforcement is doing the search)o A work computer can be searched with consent of a
supervisor or another employee who has common authority over the area to be searched
• Consult with attorney for guidance
Expert Testimony
• Expert witnesses can state opinions• Expert doesn't need a PhD or other
credentials• An expert has "special knowledge, skill,
training, or experience" which makes him or her qualified to "aid the factfinder in matters that exceed the common knowledge of ordinary people"
Source of Images• Several images are from the textbook, I didn't cite
sources for them
Recommended